Insecure service configuration - DocumentBuilderFactory
Description
DocumentBuilderFactory is insecurely configured, which makes it susceptible to XXE attacks.
Impact
- Read confidential information. - Execute commands on the server.
Recommendation
Securely configure DocumentBuilderFactory.
Threat
Authorized attacker from the Internet.
Expected Remediation Time
⏱️ 30 minutes.
Requirements
158 - Use a secure programming languageFixes